Researchers at Check Point found a vulnerability in Qualcomm’s mobile station modem (MSM) chips, which are trusted with cellular communication in nearly 40% of the world’s Android phones. Researchers said, “If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and invisible code into phones, granting them access to SMS messages and audio of phone conversations.”
What is Qualcomm’s MSM Chip?
Designed by Qualcomm, this system on chip (SoC) is an ongoing series of a 2G/3G/4G/5G capable system being manufactured since the early 1990s. MSM has been specifically designed for high-end phones and supports advanced features like 4G LTE and high-definition recording. This chip communicates with the operating systems (OS) using the 3rd Generation Partnership Project (3GPP) technology. However, when it comes to Android, the chip uses Qualcomm’s proprietary protocol the MSM Interface (QMI). This protocol enables the communication between the software components in the MSM with other peripheral subsystems on the device including cameras and fingerprint scanners.
The vulnerability, which can now be tracked under CVE-2020-11292, could allow the attackers to exploit a “heap overflow” weakness in the QMI interface. This is used by the company’s cellular processors to interface with the software stack. Once successful, it gives rights to the attackers for controlling the modem and dynamically patching it from the application processor.
This vulnerability could help malicious apps disguise their activity under the modem chip, thus, masking it from Android’s security controls. Additionally, it could also enable attackers to unlock the SIM details of the targeted mobile that included network authentication info and contact information.
Check Point’s researchers found the vulnerability in October 2020 and immediately informed Qualcomm in responsible disclosure. Qualcomm notified all its vendors about the issue and sent a security update to them by December 2020. However, it took time in disclosing the vulnerability to the end-users, and thus it was finally made public only on May 6, 2021.
Not the First Time
Earlier in 2020, Qualcomm’s Snapdragon Digital Signal Processor (DSP) chips were riddled by six high severity vulnerabilities that allowed attackers to take control of users’ mobile devices without their knowledge. Click here to know more.